You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@wicket.apache.org by "Emond Papegaaij (Jira)" <ji...@apache.org> on 2020/01/17 10:31:00 UTC

[jira] [Resolved] (WICKET-6724) CSP: Inline Javascript in AjaxLink

     [ https://issues.apache.org/jira/browse/WICKET-6724?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Emond Papegaaij resolved WICKET-6724.
-------------------------------------
    Fix Version/s: 9.0.0-M5
       Resolution: Fixed

Both {{AjaxLink}} and {{AjaxSubmitLink}} are updated to use {{#}} with {{event.preventDefault}}

> CSP: Inline Javascript in AjaxLink
> ----------------------------------
>
>                 Key: WICKET-6724
>                 URL: https://issues.apache.org/jira/browse/WICKET-6724
>             Project: Wicket
>          Issue Type: Bug
>          Components: wicket-core
>            Reporter: Emond Papegaaij
>            Priority: Major
>             Fix For: 9.0.0-M5
>
>
> org.apache.wicket.ajax.markup.html.*AjaxLink*#onComponentTag : should rather completely remove the href, potentially some css class like `wicket-ajax-link` could be added
> {code:java}
> if (tagName.equalsIgnoreCase("a") || tagName.equalsIgnoreCase("link") ||
> 	tagName.equalsIgnoreCase("area"))
> {
> 	// disable any href attr in markup
> 	tag.put("href", "javascript:;");
> }
> {code}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)